Examining Page Tables in Kernel Crash Dumps (amd64)
Arlie Stephens
arlie at worldash.org
Thu Dec 24 20:01:49 UTC 2015
On Dec 24 2015, John Baldwin wrote:
>
> On Tuesday, December 22, 2015 03:59:20 PM Arlie Stephens wrote:
[snip]
> > So far, the only way I know to get a look at kernel page table
> > contents in FreeBSD is on live systems with ddb.
> >
> > I would like to know whether there are any tools I haven't noticed for
> > dealing with page tables in crash dumps - or, for that matter, whether
> > kgdb is supposed to be able to display the kernel's recursive page
> > tables.
> >
> > Failing that, I may just have to write one ;-) (Or figure out how to
> > chase my problem on live systems.)
>
> kgdb depends on libkvm to handle translations of virtual addresses to
> offsets in the vmcore file (which is then used by kvm_read to read the
> relevant data). On amd64 you can cheat a bit by using direct map
> addresses (I use this in my gdb macros to walk the page tables by
> hand so I can look at raw PDEs, PTEs, etc.).
>
> (For the macros I use you can look at www.freebsd.org/~jhb/gdb/gdb6.amd64)
>
> Normally you download the files there and do 'source gdb6' which will pull
> in gdb6.amd64. The 'pmap_*' macros try to replicate the behavior of the
> equivalent functions in pmap.c.
Many thanks! This looks like exactly what I was looking for.
I'd missed the trick of using the direct map to get at the page tables
themselves - I was trying to start with PDmap. (Following the kernel
code really closely is what you do when you aren't sure you understand
how it works :-( )
FWIW, I'd missed a few other tricks of the trade as well. You are
doing things in your gdb scripts I didn't know were possible. Thanks
for that too.
--
Arlie
(Arlie Stephens arlie at worldash.org)
More information about the freebsd-hackers
mailing list